Skip to main content
CVE-2020-27348 MEDIUM POC PATCH This Month

In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available.

RCE Snapcraft Ubuntu Linux
NVD GitHub
CVSS 3.1
6.8
EPSS
0.7%
CVE-2020-29565 MEDIUM POC PATCH This Month

An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Horizon Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-27770 MEDIUM POC This Month

Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Imagemagick Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-28916 MEDIUM POC PATCH This Month

hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-25449 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Arachnys Cabot 0.11.12 can be exploited via the Address column. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cabot
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
1.1%
CVE-2020-29562 MEDIUM POC This Month

The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Glibc Fedora E Series Santricity Os Controller
NVD
CVSS 3.1
4.8
EPSS
1.5%
CVE-2020-16123 MEDIUM POC PATCH This Month

An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were. Rated medium severity (CVSS 4.7). Public exploit code available.

Race Condition Ubuntu Information Disclosure Ubuntu Linux
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2020-27409 MEDIUM PATCH This Month

OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Opensis
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-29561 MEDIUM This Month

An issue was discovered in SonicBOOM riscv-boom 3.0.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Risvc Boom
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy